Re: RAND_egd() blocking -- despite contract that states otherwise?

The 'fail with error condition stating lack of entropy' should be
something like an EAGAIN, where (at some point in the future) the call
can be re-invoked to use the amount of entropy that's already in the
pool plus whatever's been added to the system /dev/random or the
prngd?

-Kyle H

On Sat, Nov 8, 2008 at 8:17 AM, Ben Sandee <tbsandee@gmail.com> wrote:[color=blue]
> On Sat, Nov 8, 2008 at 5:53 AM, David Schwartz <davids@webmaster.com> wrote:[color=green]
>>[color=darkred]
>> > That's a great question. Indeed, this platform (AIX) does have
>> > /dev/random but apparently that too was exhausted because that
>> > is checked first in our implementation. I think the fault is truly
>> > with the system in question, because prngd should not have blocked
>> > in the manner it did. Despite this problem being a one-off, there
>> > is a push to "fix" the issue and guarantee it will never happen again.
>> > It was during my investigations that I noticed the blocking nature
>> > of the EGD lookups.[/color]
>>
>> So what do you want to do if you run out of entropy?[/color]
>
> Fail with an error condition stating that, rather than the indeterminate
> hang in read() that was experienced.
>
> Ben
>[/color]
______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
User Support Mailing List [email]openssl-users@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]